package com.goldgov.kduck.config;

import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;

import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Map;

/**
 * 因 WebExpressionVoter 中的 WebExpressionConfigAttribute 只能在同package中使用，此voter 仿照WebExpressionVoter
 */
public class ExpressionVoter implements AccessDecisionVoter<FilterInvocation> {
    private SecurityExpressionHandler<FilterInvocation> expressionHandler = new DefaultWebSecurityExpressionHandler();
    private AntPathMatcher matcher = new AntPathMatcher();
    private RestTemplate restTemplate;
    public ExpressionVoter(RestTemplate restTemplate) {
        this.restTemplate=restTemplate;
    }



    @Override
    public int vote(Authentication authentication, FilterInvocation fi,
                    Collection<ConfigAttribute> attributes) {
        assert authentication != null;
        assert fi != null;
        assert attributes != null;
        ExpressionConfigAttribute eca = findConfigAttribute(attributes);
        HttpServletRequest request = fi.getHttpRequest();
        String requestPath = getRequestPath(request);
        String method = request.getMethod();

//        if (eca == null) {
//        return ACCESS_ABSTAIN;
//        }s
        String url = "";
        if (requestPath.indexOf("api-")!=-1){
            ArrayList<String> result = new ArrayList<>();
            String[] split = requestPath.split("/");
            for (int i =0;i<split.length;i++){
                if (split[i].indexOf("api-")!=-1){
                    continue;
                }
                url +=split[i]+"/";

            }
        }
        if (StringUtils.hasLength(url)){
            url=url.substring(0,url.length()-1);
        }else{
            url = requestPath;
        }
//        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
//        for (GrantedAuthority authority : authorities) {
//            if("ROLE_ANONYMOUS".equals(authority.getAuthority())){
//                return ACCESS_DENIED;
//            }
//        }
        
        
        if (matcher.match("/hello", url) && method.equals("GET")) {
            return ACCESS_GRANTED;
        }

//
//        EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, fi);
//
//        int result = ExpressionUtils.evaluateAsBoolean(eca.getAuthorizeExpression(), ctx) ? ACCESS_GRANTED : ACCESS_DENIED;
        return ACCESS_DENIED;
    }
    public String getRequestPath(HttpServletRequest request) {
        String url = request.getServletPath();
        String pathInfo = request.getPathInfo();
        if (pathInfo != null) {
            url = url != null  ? url + pathInfo : pathInfo;
        }
        return url;
    }
    private ExpressionConfigAttribute findConfigAttribute(
        Collection<ConfigAttribute> attributes) {
        for (ConfigAttribute attribute : attributes) {
            if (attribute instanceof ExpressionConfigAttribute) {
                return (ExpressionConfigAttribute) attribute;
            }
        }
        return null;
    }

    @Override
    public boolean supports(ConfigAttribute attribute) {
        return attribute instanceof ExpressionConfigAttribute;
    }

    @Override
    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }

}
